Log file problem

Recently the log files created seem to have gotten out of control! I have the logging preference set to 250MB for testing, (was at 25MB), when that file size is reached the log file is moved to a temp folder. The problem is that yesterday between 6:00AM and 9:10AM it created nine of these files totaling 2.2GB, then from 3:22PM to 6:47PM it created four more totaling 1GB. When I had logging set to 25MB recently, when the computer was on all day, Comodo created a total of 194 log files totaling 4.98GB! So far this morning in only an hour it has created files totaling 866MB.

I’ve tried loading some of these files into the log viewer but, there is nothing viewable. Opening the files in notepad shows there is information in them but, can’t really be read that way.

My question is, why are so many log files created and how can I stop it? I have Comodo firewall version 5.4.189822.1355.

Thank you for any wisdom you may have.

It sounds like you have a problem somewhere. I have my maximum log file size set to 5MB and I can go for several days before a new file is created. have you been able to observer the logging in real time?

I have the log viewer running now, not much showing up really. When I try to bring up the Configuration Changes tab there long delays every time. In the last few minutes there are 3 listing for Eset NOD32 antivirus, that say, ‘Object Changed’, ‘Auto Learn’. I wonder if recent updates of both programs have caused them to not get along together?

It’s certainly a possibility. Is there a possibility of you removing NOD, even temporally? Alternatively, you could always try opening a saved log file with something like SQLite Database Browser It’s possible it may provide some additional information on the data in the logs.

Thanks for the tip about SQLite. Using it I was able to determine the problem is with NOD32, it is creating hundreds of entries every few minutes, all of them relating to creating or changing files in the Windows temp folder.

The odd thing is I have the same two programs running together on my laptop, both with Windows 7 64bit, and don’t have this problem at all. Actually this computer only started doing this a few weeks ago.

I’ll have to try uninstalling and reinstalling NOD32 and maybe Comodo to see if that fixes the problem.

Anyone else have this kind of issue?

Just an update for anyone who may have this same problem.

It turns out the huge log files were being caused by NOD32’s ‘ThreatSence’ engine. The particular option is “Detection of potentially unwanted applications. If this option is turned off then the problem is fixed. I’m certain Comodo will catch any problems of this type anyway. If anyone knows this to be untrue, please post here and correct me.

Not an NOD32 user and just thinking out loud. May be you can add the CIS installation folder to the ThreatSence exclusion (assuming there is such a possibility)?

Doesn’t seem to be an option in NOD32 but, you may be on something, I’ll check more on options that might be workable. Thank you

This is also happening to me, with Comodo Version 5.4.189822.1355 and Avast5 Version 5.0.1125 on my Win7 32bit Laptop: HP Pavillion DV6-2119TX - with near identical symptoms to Pepe58

1 Mbyte of logfile is created about every 7 seconds.

Turning off the Avast5 “real time” shields reduces the data generation in the log to around 1Mbyte every 5 to 10 minutes (varies widely at times) but still way too much. I’ve not looked, but suspect this residual logging is probably other apps (not avast5).

Whilst I don’t understand what activity the log is reporting, I know it contains thousands upon thousands of lines, all much the same. eg:

The end of the very first line in Config Changes, (Old Value or New Value), for cells reporting interraction with Comodo, had: TreatAs=“”>

which kind of suggested Comodo had somehow received a null string to a request for user input - perhaps starting the highly repetitive routine every time Avast5Svc.exe tries to connect to the internet? I estimated that the “Treat As” line was followed by about 9000 lines similar to as shown above. Entire cell varied from about 500K characters up to around 900K characters (as reported by the database examining application).

I also noticed that when I killed the Avast5 real time shields, the fan on my laptop quietened down - first time I’ve heard it so quiet for quite a long while!

Attached is a sample file (meant to be 1 Mbyte in size, but looks like the logfile is being written in a minimum size of a little over 3 Mbytes, notwithstanding what preferences are set at).

Anyone else having this issue? Anyone got an answer? No doubt I should have included some other info, just can’t think what at the moment :smiley:

Edit: The internal Comodo logfile doesn’t show anything any more - except that the old logfile has been written out to the file storage area.

[attachment deleted by admin]

Hi Harrykiri,

This FAQ could help you find a workaround to your problem : Comodo Forum

!ot! Avast is in version 6 since a few months

Hey Boris 3,

Thanks for your reply.

I updated Avast to version 6.0.1125 hoping for a fix. Your “Off Topic” flag was very diplomatic ;D

Sadly after a reboot, still the same problem.

In the end I disabled Defense Plus, as Comodo was installed with the intention of being my prime firewall - I didn’t really need anything else given other antivirus was already installed.

Instant success with no further log files being written out to disk.

Interestingly, the secondary effect was that my laptop fan hasn’t come on since then - and an area on the desk my laptop sits on is now much cooler than previously when the laptop is running. The clash of software and furious I/O was obviously working at least one of the four processors quite hard.

'Nuther happy satisfied customer here, many thanks for your words of wisdom!

HarryK

Hi Harrykiri,

If in the future, you eventually decide to reactivate Defense+, you could give a try to the moderator Mouse1’s FAQ (link mentioned in my previous reply) to make Avast and Defense+ live in peaceful cohabitation.

Boris

There is a problem with Avast 6 where it will hammer cmdagent.exe for memory access. CIS self protection will block that behaviour but since there are so many memory access attempts it may drive up the cpu usage of cmdagent.exe and will rapidly fill the logs.

This can be solved by adding the Comodo installation folders to the Avast exclusions. That way you can keep D+ enabled. D+ is what gives CIS its protective strength.

Thanks EricJH,

I decided to have another look (this time ignoring the contents of the log database). By process of elimination, I found I can get Avast6 to run without triggering Defence + into the memory protection mode, providing the Webshield is turned off in Avast6 <edited: version typo>.

Hours before I found the poor outcome of having Avast Webshield running, I attempted to protect Avast’s directories in both \Program Files and \Program Data by customizing the AvastSvc.exe rule (in Comodos Defence +) to allow all possible access rights for AvastSvc.exe (13 of them IIRC). It didn’t fix the problem, but I left those access rights in place for the present anyway.

Edit: I also tried to exclude both Comodo directories from Avast’s influence. Such exclusions could only be done in the Avast “File System Shield expert settings” and not the Webshield. Not unexpectedly, the Avast “Webshield” “expert settings” had no provision for specific directory exclusions, rather had exclusions for filename extension groups, and also specific individual URL’s.

I’ve turned off the Avast Webshield and reactivated Defence Plus. For now, it seems to be running smoothly again and I trust Comodo is carrying out the function of Avast’s webshield. Touch wood, I hope that turning off the Webshield is all that is needed to fix this issue for others. And ;D oh joy, my Laptop fan is still stopped, the silence is a truly wonderful unexpected bonus!

Again, many thanks for your help everyone, each post has contained helpful information I needed to get me through to this point.

HarryK

■■■■, the log file issue continues, however on a much smaller scale thank goodness.

I’m seeing around 12 MBytes of logged data being generated roughly every 24 hours. Radaghast previously posted he generated around 5 MBytes every few days, so his install is producing approximately one quarter of that produced by my laptop.

Avast continues to produce most of the entries - in particular the file avast.setup. I’m currently not sure how to approach this without a bucket load of time spent which I cannot afford. In the last 24 hours, there have been other apps which have also caused varying no’s of lines to be written - possibly these miscellaneous others might be responsible for the (normal) 5MBytes seen every few days by Radaghast.

I hope to review the suggestions in this thread once more, when I get more time … in the meantime, if anyone else has progressed further, I’ll be very happy to read about it ;D

Edit: Sadly, I’ve had to return to disabling the Defence +. I’m hoping that in time, perhaps future updates to one or both apps concerned might resolve the problem, so will check at intervals, to see if the issue has been solved. Thanks to all posters for the assistance!

[attachment deleted by admin]